create-nara 1.0.21 → 1.0.23

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-nara",
-  "version": "1.0.21",
+  "version": "1.0.23",
   "description": "CLI to scaffold NARA projects",
   "type": "module",
   "bin": {

package/templates/features/auth/app/controllers/UserController.ts

@@ -1,21 +1,71 @@
-import { BaseController, jsonSuccess, ValidationError } from '@nara-web/core';
+import { BaseController, jsonSuccess, jsonError, ValidationError } from '@nara-web/core';
 import type { NaraRequest, NaraResponse } from '@nara-web/core';
+import { UserModel } from '../models/User.js';
+import { db } from '../config/database.js';
 import bcrypt from 'bcrypt';
 
 export class UserController extends BaseController {
   async index(req: NaraRequest, res: NaraResponse) {
-    // TODO: Implement pagination and filtering
-    // const { page = 1, limit = 10, search, filter } = req.query;
-    // const users = await UserModel.paginate({ page, limit, search, filter });
+    // Get query parameters
+    const page = parseInt(req.query?.page as string) || 1;
+    const limit = parseInt(req.query?.limit as string) || 10;
+    const search = (req.query?.search as string) || '';
+    const filter = (req.query?.filter as string) || 'all';
+    const offset = (page - 1) * limit;
+
+    // Build query
+    let query = db('users').select(
+      'id', 'name', 'email', 'phone', 'avatar', 'role',
+      'email_verified_at', 'created_at', 'updated_at'
+    );
+
+    // Apply search filter
+    if (search) {
+      query = query.where(function() {
+        this.where('name', 'like', `%${search}%`)
+            .orWhere('email', 'like', `%${search}%`);
+      });
+    }
+
+    // Apply role filter
+    if (filter === 'admin') {
+      query = query.where('role', 'admin');
+    } else if (filter === 'user') {
+      query = query.where('role', 'user');
+    } else if (filter === 'verified') {
+      query = query.whereNotNull('email_verified_at');
+    } else if (filter === 'unverified') {
+      query = query.whereNull('email_verified_at');
+    }
+
+    // Get total count for pagination
+    const countQuery = query.clone();
+    const [{ count: totalCount }] = await countQuery.count('* as count');
+    const total = Number(totalCount);
+
+    // Apply pagination and ordering
+    const users = await query
+      .orderBy('created_at', 'desc')
+      .limit(limit)
+      .offset(offset);
+
+    // Transform users to include is_admin and is_verified flags
+    const transformedUsers = users.map(user => ({
+      ...user,
+      is_admin: user.role === 'admin',
+      is_verified: !!user.email_verified_at
+    }));
+
+    const totalPages = Math.ceil(total / limit);
 
     return jsonSuccess(res, {
-      users: [],
-      total: 0,
-      page: 1,
-      limit: 10,
-      totalPages: 0,
-      hasNext: false,
-      hasPrev: false,
+      users: transformedUsers,
+      total,
+      page,
+      limit,
+      totalPages,
+      hasNext: page < totalPages,
+      hasPrev: page > 1,
     });
   }
 
@@ -29,12 +79,40 @@ export class UserController extends BaseController {
       });
     }
 
-    // TODO: Create user in database
-    // const hashedPassword = password ? await bcrypt.hash(password, 10) : null;
-    // const user = await UserModel.create({ name, email, password: hashedPassword, phone, is_admin, is_verified });
+    // Check if email already exists
+    const existing = await UserModel.findByEmail(email);
+    if (existing) {
+      throw new ValidationError({ email: ['Email already registered'] });
+    }
+
+    // Hash password if provided, otherwise generate random
+    const hashedPassword = password
+      ? await bcrypt.hash(password, 10)
+      : await bcrypt.hash(Math.random().toString(36).slice(-8), 10);
+
+    // Create user in database
+    const [userId] = await UserModel.create({
+      name,
+      email,
+      password: hashedPassword,
+      phone: phone || null,
+      role: is_admin ? 'admin' : 'user',
+      email_verified_at: is_verified ? new Date().toISOString() : null
+    });
+
+    // Fetch created user
+    const user = await UserModel.findById(userId);
 
     return jsonSuccess(res, {
-      user: { id: '1', name, email, phone, is_admin, is_verified }
+      user: {
+        id: user?.id,
+        name: user?.name,
+        email: user?.email,
+        phone: user?.phone,
+        avatar: user?.avatar,
+        is_admin: user?.role === 'admin',
+        is_verified: !!user?.email_verified_at
+      }
     }, 'User created successfully');
   }
 
@@ -49,15 +127,49 @@ export class UserController extends BaseController {
       });
     }
 
-    // TODO: Update user in database
-    // const updateData: any = { name, email, phone, is_admin, is_verified };
-    // if (password) {
-    //   updateData.password = await bcrypt.hash(password, 10);
-    // }
-    // await UserModel.update(id, updateData);
+    // Check if user exists
+    const existingUser = await UserModel.findById(Number(id));
+    if (!existingUser) {
+      return jsonError(res, 'User not found', 404);
+    }
+
+    // Check if email is taken by another user
+    const emailUser = await UserModel.findByEmail(email);
+    if (emailUser && emailUser.id !== Number(id)) {
+      throw new ValidationError({ email: ['Email already registered'] });
+    }
+
+    // Build update data
+    const updateData: Record<string, any> = {
+      name,
+      email,
+      phone: phone || null,
+      role: is_admin ? 'admin' : 'user',
+      email_verified_at: is_verified ? (existingUser.email_verified_at || new Date().toISOString()) : null,
+      updated_at: new Date().toISOString()
+    };
+
+    // Hash new password if provided
+    if (password) {
+      updateData.password = await bcrypt.hash(password, 10);
+    }
+
+    // Update user in database
+    await UserModel.update(Number(id), updateData);
+
+    // Fetch updated user
+    const user = await UserModel.findById(Number(id));
 
     return jsonSuccess(res, {
-      user: { id, name, email, phone, is_admin, is_verified }
+      user: {
+        id: user?.id,
+        name: user?.name,
+        email: user?.email,
+        phone: user?.phone,
+        avatar: user?.avatar,
+        is_admin: user?.role === 'admin',
+        is_verified: !!user?.email_verified_at
+      }
     }, 'User updated successfully');
   }
 
@@ -70,9 +182,15 @@ export class UserController extends BaseController {
       });
     }
 
-    // TODO: Delete users from database
-    // await UserModel.deleteMany(ids);
+    // Prevent deleting current user
+    const currentUserId = req.user?.id;
+    if (currentUserId && ids.includes(currentUserId)) {
+      return jsonError(res, 'Cannot delete your own account', 400);
+    }
+
+    // Delete users from database
+    const deleted = await db('users').whereIn('id', ids).delete();
 
-    return jsonSuccess(res, {}, `${ids.length} user(s) deleted successfully`);
+    return jsonSuccess(res, { deleted }, `${deleted} user(s) deleted successfully`);
   }
 }

package/templates/svelte/resources/js/components/helper.ts

@@ -144,6 +144,73 @@ function formatValidationErrors(errors: Record<string, string[]> | undefined): s
   return messages.join('; ');
 }
 
+/**
+ * Map HTTP status codes to human-readable messages
+ */
+function getHttpErrorMessage(status: number, statusText?: string): string {
+  const messages: Record<number, string> = {
+    400: 'Invalid request. Please check your input.',
+    401: 'Please log in to continue.',
+    403: 'You do not have permission to perform this action.',
+    404: 'The requested resource was not found.',
+    405: 'This action is not allowed.',
+    408: 'Request timed out. Please try again.',
+    409: 'This action conflicts with existing data.',
+    413: 'File too large. Please upload a smaller file.',
+    422: 'Invalid data provided. Please check your input.',
+    429: 'Too many requests. Please wait a moment.',
+    500: 'Server error. Please try again later.',
+    502: 'Server is temporarily unavailable.',
+    503: 'Service unavailable. Please try again later.',
+    504: 'Server took too long to respond.',
+  };
+  return messages[status] || statusText || `Error ${status}`;
+}
+
+/**
+ * Parse error from various response types
+ */
+function parseErrorResponse(error: unknown): { message: string; code?: string; errors?: Record<string, string[]> } {
+  const axiosError = error as {
+    response?: { status?: number; statusText?: string; data?: ApiResponse | string };
+    message?: string;
+    code?: string;
+  };
+
+  // Network error (no response)
+  if (!axiosError.response) {
+    if (axiosError.code === 'ERR_NETWORK') {
+      return { message: 'Unable to connect to server. Please check your connection.' };
+    }
+    if (axiosError.code === 'ECONNABORTED') {
+      return { message: 'Request timed out. Please try again.' };
+    }
+    return { message: axiosError.message || 'Network error. Please try again.' };
+  }
+
+  const { status, statusText, data } = axiosError.response;
+
+  // If response is a string (HTML error page), use status code message
+  if (typeof data === 'string') {
+    return { message: getHttpErrorMessage(status || 500, statusText) };
+  }
+
+  // If response is JSON with our API format
+  if (data && typeof data === 'object') {
+    const apiResponse = data as ApiResponse;
+    if (apiResponse.message) {
+      return {
+        message: apiResponse.message,
+        code: apiResponse.code,
+        errors: apiResponse.errors
+      };
+    }
+  }
+
+  // Fallback to HTTP status message
+  return { message: getHttpErrorMessage(status || 500, statusText) };
+}
+
 /**
  * Standardized API call wrapper that handles JSON responses from backend
  */
@@ -152,11 +219,11 @@ export async function api<T = unknown>(
   options: ApiOptions = {}
 ): Promise<ApiResponse<T>> {
   const { showSuccessToast = true, showErrorToast = true } = options;
-  
+
   try {
     const response = await axiosCall();
     const result = response.data;
-    
+
     if (result.success) {
       if (showSuccessToast && result.message) {
         Toast(result.message, 'success');
@@ -164,27 +231,24 @@ export async function api<T = unknown>(
       return { success: true, message: result.message, data: result.data };
     } else {
       if (showErrorToast) {
-        const errorMsg = result.errors 
-          ? formatValidationErrors(result.errors) || result.message 
+        const errorMsg = result.errors
+          ? formatValidationErrors(result.errors) || result.message
           : result.message;
         if (errorMsg) Toast(errorMsg, 'error');
       }
       return { success: false, message: result.message, code: result.code, errors: result.errors };
     }
   } catch (error: unknown) {
-    const axiosError = error as { response?: { data?: ApiResponse } };
-    const message = axiosError?.response?.data?.message || 'An error occurred. Please try again.';
-    const code = axiosError?.response?.data?.code;
-    const errors = axiosError?.response?.data?.errors;
-    
+    const parsed = parseErrorResponse(error);
+
     if (showErrorToast) {
-      const errorMsg = errors 
-        ? formatValidationErrors(errors) || message 
-        : message;
+      const errorMsg = parsed.errors
+        ? formatValidationErrors(parsed.errors) || parsed.message
+        : parsed.message;
       Toast(errorMsg, 'error');
     }
-    
-    return { success: false, message, code, errors };
+
+    return { success: false, message: parsed.message, code: parsed.code, errors: parsed.errors };
   }
 }
 

package/templates/svelte/resources/js/pages/auth/forgot-password.svelte

@@ -28,24 +28,44 @@
                 headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify({ email: form.email })
             });
+
+            // Handle non-JSON responses
+            const contentType = response.headers.get('content-type');
+            if (!contentType || !contentType.includes('application/json')) {
+                const statusMessages: Record<number, string> = {
+                    400: 'Please enter a valid email address.',
+                    404: 'Password reset service not available.',
+                    429: 'Too many requests. Please wait a moment.',
+                    500: 'Server error. Please try again later.',
+                };
+                Toast(statusMessages[response.status] || `Server error (${response.status})`, 'error');
+                return;
+            }
+
             const result = await response.json();
 
             if (result.success) {
                 success = true;
                 form.email = "";
-                Toast(result.message || 'Reset link sent!', 'success');
+                Toast(result.message || 'Reset link sent! Check your email.', 'success');
             } else {
                 // Handle validation errors
                 if (result.errors) {
                     const errorMessages = Object.values(result.errors).flat() as string[];
-                    Toast(errorMessages[0] || result.message || 'Failed to send reset link', 'error');
+                    Toast(errorMessages[0] || result.message || 'Please enter a valid email address.', 'error');
                 } else {
-                    Toast(result.message || 'Failed to send reset link', 'error');
+                    Toast(result.message || 'Failed to send reset link. Please try again.', 'error');
                 }
             }
         } catch (err: unknown) {
-            const errorMessage = err instanceof Error ? err.message : 'Network error. Please check your connection.';
-            Toast(errorMessage, 'error');
+            if (err instanceof SyntaxError) {
+                Toast('Server returned an invalid response. Please try again.', 'error');
+            } else if (err instanceof TypeError) {
+                Toast('Unable to connect to server. Please check your connection.', 'error');
+            } else {
+                const errorMessage = err instanceof Error ? err.message : 'An unexpected error occurred.';
+                Toast(errorMessage, 'error');
+            }
         } finally {
             loading = false;
         }

package/templates/svelte/resources/js/pages/auth/login.svelte

@@ -34,6 +34,22 @@
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({ email: form.email, password: form.password })
       });
+
+      // Handle non-JSON responses (server errors returning HTML)
+      const contentType = response.headers.get('content-type');
+      if (!contentType || !contentType.includes('application/json')) {
+        const statusMessages: Record<number, string> = {
+          401: 'Invalid email or password.',
+          403: 'Access denied.',
+          404: 'Login service not available.',
+          500: 'Server error. Please try again later.',
+          502: 'Server is temporarily unavailable.',
+          503: 'Service unavailable. Please try again later.',
+        };
+        Toast(statusMessages[response.status] || `Server error (${response.status})`, 'error');
+        return;
+      }
+
       const result = await response.json();
 
       if (result.success) {
@@ -43,14 +59,21 @@
         // Handle validation errors
         if (result.errors) {
           const errorMessages = Object.values(result.errors).flat() as string[];
-          Toast(errorMessages[0] || result.message || 'Login failed', 'error');
+          Toast(errorMessages[0] || result.message || 'Invalid email or password.', 'error');
         } else {
-          Toast(result.message || 'Login failed', 'error');
+          Toast(result.message || 'Invalid email or password.', 'error');
         }
       }
     } catch (err: unknown) {
-      const errorMessage = err instanceof Error ? err.message : 'Network error. Please check your connection.';
-      Toast(errorMessage, 'error');
+      // Network or parsing error
+      if (err instanceof SyntaxError) {
+        Toast('Server returned an invalid response. Please try again.', 'error');
+      } else if (err instanceof TypeError && (err.message.includes('fetch') || err.message.includes('network'))) {
+        Toast('Unable to connect to server. Please check your connection.', 'error');
+      } else {
+        const errorMessage = err instanceof Error ? err.message : 'An unexpected error occurred.';
+        Toast(errorMessage, 'error');
+      }
     } finally {
       loading = false;
     }

package/templates/svelte/resources/js/pages/auth/register.svelte

@@ -42,6 +42,23 @@
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({ name: form.name, email: form.email, password: form.password })
       });
+
+      // Handle non-JSON responses (server errors returning HTML)
+      const contentType = response.headers.get('content-type');
+      if (!contentType || !contentType.includes('application/json')) {
+        const statusMessages: Record<number, string> = {
+          400: 'Invalid registration data.',
+          403: 'Registration is not allowed.',
+          404: 'Registration service not available.',
+          409: 'This email is already registered.',
+          500: 'Server error. Please try again later.',
+          502: 'Server is temporarily unavailable.',
+          503: 'Service unavailable. Please try again later.',
+        };
+        Toast(statusMessages[response.status] || `Server error (${response.status})`, 'error');
+        return;
+      }
+
       const result = await response.json();
 
       if (result.success) {
@@ -51,14 +68,21 @@
         // Handle validation errors
         if (result.errors) {
           const errorMessages = Object.values(result.errors).flat() as string[];
-          Toast(errorMessages[0] || result.message || 'Registration failed', 'error');
+          Toast(errorMessages[0] || result.message || 'Registration failed. Please check your input.', 'error');
         } else {
-          Toast(result.message || 'Registration failed', 'error');
+          Toast(result.message || 'Registration failed. Please check your input.', 'error');
         }
       }
     } catch (err: unknown) {
-      const errorMessage = err instanceof Error ? err.message : 'Network error. Please check your connection.';
-      Toast(errorMessage, 'error');
+      // Network or parsing error
+      if (err instanceof SyntaxError) {
+        Toast('Server returned an invalid response. Please try again.', 'error');
+      } else if (err instanceof TypeError && (err.message.includes('fetch') || err.message.includes('network'))) {
+        Toast('Unable to connect to server. Please check your connection.', 'error');
+      } else {
+        const errorMessage = err instanceof Error ? err.message : 'An unexpected error occurred.';
+        Toast(errorMessage, 'error');
+      }
     } finally {
       loading = false;
     }

package/templates/svelte/resources/js/pages/auth/reset-password.svelte

@@ -42,23 +42,43 @@
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({ password: form.password, token: form.token })
       });
+
+      // Handle non-JSON responses
+      const contentType = response.headers.get('content-type');
+      if (!contentType || !contentType.includes('application/json')) {
+        const statusMessages: Record<number, string> = {
+          400: 'Invalid reset request. Please try again.',
+          401: 'Reset link has expired. Please request a new one.',
+          404: 'Password reset service not available.',
+          500: 'Server error. Please try again later.',
+        };
+        Toast(statusMessages[response.status] || `Server error (${response.status})`, 'error');
+        return;
+      }
+
       const result = await response.json();
 
       if (result.success) {
-        Toast(result.message || 'Password reset successful', 'success');
+        Toast(result.message || 'Password reset successful! Please log in.', 'success');
         router.visit('/login');
       } else {
         // Handle validation errors
         if (result.errors) {
           const errorMessages = Object.values(result.errors).flat() as string[];
-          Toast(errorMessages[0] || result.message || 'Password reset failed', 'error');
+          Toast(errorMessages[0] || result.message || 'Password reset failed. Please try again.', 'error');
         } else {
-          Toast(result.message || 'Password reset failed', 'error');
+          Toast(result.message || 'Password reset failed. Please try again.', 'error');
         }
       }
     } catch (err: unknown) {
-      const errorMessage = err instanceof Error ? err.message : 'Network error. Please check your connection.';
-      Toast(errorMessage, 'error');
+      if (err instanceof SyntaxError) {
+        Toast('Server returned an invalid response. Please try again.', 'error');
+      } else if (err instanceof TypeError) {
+        Toast('Unable to connect to server. Please check your connection.', 'error');
+      } else {
+        const errorMessage = err instanceof Error ? err.message : 'An unexpected error occurred.';
+        Toast(errorMessage, 'error');
+      }
     } finally {
       loading = false;
     }